Date: Thu, 29 Jun 2017 11:43:13 +0200
From: Thomas Deutschmann <whissi@...too.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: sthttpd remote heap buffer overflow

Hi,

I requested a CVE from MITRE and got CVE-2017-10671 for this
vulnerability:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
>> [Vulnerability Type]
>> Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1
>> allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted filename.
>> 
>> ------------------------------------------
>> 
>> [Vulnerability Type]
>> Buffer Overflow
>> 
>> ------------------------------------------
>> 
>> [Affected Product Code Base]
>> sthttpd - <2.27.1
>> 
>> ------------------------------------------
>> 
>> [Affected Component]
>> de_dotdot function
>> 
>> ------------------------------------------
>> 
>> [Attack Type]
>> Remote
>> 
>> ------------------------------------------
>> 
>> [CVE Impact Other]
>> I have no information about the impact. Would be nice if you could check on your own.
>> 
>> ------------------------------------------
>> 
>> [Attack Vectors]
>> A remote attacker could trigger the flaw in sthttpd's request parsing code via a specially crafted request.
>> 
>> ------------------------------------------
>> 
>> [Reference]
>> http://www.openwall.com/lists/oss-security/2017/06/15/9
>> https://github.com/blueness/sthttpd/releases/tag/v2.27.1
>> https://github.com/blueness/sthttpd/commit/c0dc63a49d8605649f1d8e4a96c9b468b0bff660
>> 
>> ------------------------------------------
>> 
>> [Has vendor confirmed or acknowledged the vulnerability?]
>> true
>> 
>> ------------------------------------------
>> 
>> [Discoverer]
>> Alexandre Rebert from ForAllSecure
> 
> Use CVE-2017-10671.
> 
> 
> - -- 
> CVE Assignment Team
> M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
> [ A PGP key is available for encrypted communications at
>   http://cve.mitre.org/cve/request_id.html ]
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> 
> -----END PGP SIGNATURE-----


-- 
Regards,
Thomas Deutschmann / Gentoo Security Team
C4DD 695F A713 8F24 2AA1  5638 5849 7EE5 1D5D 74A5



